Malicious
Classifications

Spyware Stealer

Threat Names

KematianStealer

Remarks (2/2)

(0x02000008): One or more processes crashed during the analysis. Analysis results may be incomplete.

(0x0200000E): The overall sleep time of all monitored processes was truncated from "1 day, 13 hours, 41 minutes, 9 seconds" to "1 minute, 20 seconds" to reveal dormant functionality.

File Name Category Type Verdict Actions
C:\Users\5AlR3U30D3\Desktop\qrjeodq.bat Sample File Batch
Malicious
MIME Type application/x-bat
File Size 3.36 MB
MD5 07f9549ba0e65bb2bd47fcf55c60a608
SHA1 50f97f17245b1967ae322f5a72f48184db4932fa
SHA256 84617e9c081b6b585582d2589aace5a0a7887283f9488b5a6d05906f94116f36
SSDeep 1536:r9M37hEimNW4QbAjC5SMd0aF00kd5Regk1IcIoJkFVcKaoowmgd27/:IENXCbiae0kjRep6VcEo/gUT
ImpHash -
18382f6c7f8b52c779243c6cc7d4cbc51a95d31d40bc748bc2ec65c63219c358 Downloaded File Text
Malicious
MIME Type text/plain
File Size 72.34 KB
MD5 51299f3a266034e35d706a1d0aa5580b
SHA1 3c9ef68f69b9f8c2941e9d765ae0ae8df9bfdf14
SHA256 18382f6c7f8b52c779243c6cc7d4cbc51a95d31d40bc748bc2ec65c63219c358
SSDeep 1536:F8SdVn5ahg5yYp6zdv/5l05Qo8l01zhwZPhZcLrJS7srHX6Cg:F8SdVn5Uwiv/5IQo8l01zhw5hUr9KCg
ImpHash -
YARA Matches (2)
Rule Name | Rule Description | Classification | Score
KematianStealer | KematianStealer | Stealer | 5/5
PowerShell_Execution_Commands | PowerShell command execution detected | - | 4/5
C:\Users\5AlR3U30D3\AppData\Local\Temp\0090F567-A6D3-0000-0000-000000000000_DE_MYB7ZA2AF_2024-06-28_UTC1.zip Dropped File ZIP
Clean
MIME Type application/zip
File Size 4.00 KB
MD5 b9ba09cc00f2a274221e06bfde7a12fc
SHA1 b41693a12b570015b58563a46cac20873158a09d
SHA256 1fa761c14b3091991d70608c6d9597f1a5c468f9e1e22606bd84c2e5fb9995d5
SSDeep 96:BWKMPF9enp2Wq7x3g1UjZA7n4XDz005nJ+7Wrr6+iTh:RMPFcpYwUjZzX15Q6rmZ
ImpHash -
Archive Information
Number of Files 2
Number of Folders 1
Size of Packed Archive Contents 3.48 KB
Size of Unpacked Archive Contents 15.49 KB
File Format zip
Contents (2)
File Name | Packed Size | Unpacked Size | Compression | Is Encrypted | Modify Time | Verdict
DE-(MYB7ZA2AF)-(2024-06-28)-(UTC1)\productkey.txt | 42 Bytes | 46 Bytes | Deflate | False | 2024-06-28 13:22 (UTC) | Clean
DE-(MYB7ZA2AF)-(2024-06-28)-(UTC1)\System.txt | 3.44 KB | 15.44 KB | Deflate | False | 2024-06-28 13:22 (UTC) | Clean
C:\Users\5AlR3U30D3\AppData\Roaming\Kematian\DE-(MYB7ZA2AF)-(2024-06-28)-(UTC1)\System.txt Dropped File Text
Clean
Also Known As DE-(MYB7ZA2AF)-(2024-06-28)-(UTC1)\System.txt (Archive File, Miscellaneous File)
Parent File C:\Users\5AlR3U30D3\AppData\Local\Temp\0090F567-A6D3-0000-0000-000000000000_DE_MYB7ZA2AF_2024-06-28_UTC1.zip
MIME Type text/plain
File Size 15.44 KB
MD5 aa69f0a7ba975f6110e6e3ec0ee46fd8
SHA1 b5f7af8819422b54f1af51411a14d188f631339f
SHA256 2f7b834ad8bc7a21b8af53bdbfdd57d6d52b66b34fe228e1aba2ead6541b5faf
SSDeep 384:Av+czNRNU3iNzGuDP18Bvm/s/K/E/N/3/8/pxAoY/jbm8Q6H/5tHactQAD1G3yjt:AvtNRNU3iNzGuDP18Bvm/s/K/E/N/3/n
ImpHash -
C:\Users\5AlR3U30D3\AppData\Local\Temp\utblrtvk\utblrtvk.0.cs Dropped File Text
Clean
MIME Type text/plain
File Size 4.92 KB
MD5 2a829317f65fea84eb85cb2376fa9e21
SHA1 2f223ea8738f9989385e93b9c8cf0e8fc5e30700
SHA256 f99c46f447010a438586651fcdf9068394926247bf7656980fee066b2069fe8f
SSDeep 96:JL4W84Ji4AnzvN0OpVDUNKMiNjHJ4OY492VXyNbEqbE:OqHeVRV4oMiNjHJu/VCNIr
ImpHash -
C:\Users\5AlR3U30D3\AppData\Local\Temp\4gj5bbza\4gj5bbza.0.cs Dropped File Text
Clean
MIME Type text/plain
File Size 1.04 KB
MD5 6cd5b22aff0ac340cba788be54877f27
SHA1 a799f3c293f1a515f71b71a45636a60f5dea1600
SHA256 c6b7a8f6456604d8b62fcd727ec0e1f9bff262b4b6d88418d343573b0e39abc1
SSDeep 24:J4FPRZTpNHlqRiuVyJmDtWRzNKmWirOS+I1Yb0lAdE:J4FPrTTHlluVyJKWRNWirmI00lqE
ImpHash -
C:\Users\5AlR3U30D3\AppData\Local\Temp\utblrtvk\utblrtvk.out Dropped File Text
Clean
MIME Type text/plain
File Size 813 Bytes
MD5 55107128ec2a5b6ea96fc9e43673d3be
SHA1 4f1181fa443d6bae40eae2c3360df5c31db80947
SHA256 edd182287f2fc94c04be683cd544ecc9b614b8e95e5d0cc8a6afdc19a9536936
SSDeep 12:KHi/qR37Lvkmb6KOkrk+ik9k/Lkqe1xZY7ZIx0WZERY7ZIb+:KIqd3ka6KOk9kjkqe9YsVERY4+
ImpHash -
C:\Users\5AlR3U30D3\AppData\Local\Temp\utblrtvk\utblrtvk.cmdline Dropped File Text
Clean
MIME Type text/plain
File Size 722 Bytes
MD5 3af3dfb5727c88b16f85ecbb373b112a
SHA1 e9b7dfa1f96fbbca54b6ad2a602ead9dec462c35
SHA256 88d6dbe7407d3e3cc2c02e2aac426577c1bb38a9323a09f0073b9229405e0472
SSDeep 12:p37Lvkmb6KOkrk+ik9k/Lkqe1xZY7ZIx0WZERY7ZIbn:V3ka6KOk9kjkqe9YsVERY4n
ImpHash -
C:\Users\5AlR3U30D3\AppData\Local\Temp\x0apuumx\x0apuumx.0.cs Dropped File Text
Clean
MIME Type text/plain
File Size 512 Bytes
MD5 a36c5dbd22147371b4ea6ffacb560fb6
SHA1 e7248cd6a49d3aae9439efdffaceeacad6a7c523
SHA256 fc874c6cbd59c24e83702e0cd6f301c4a929865687d8e0d041090a2bcd801a60
SSDeep 12:V/DGrO46k3wAkFV758vZAheG+LfhE8vPoeL3j8vE:JoO46/FVW0eG+rhVIe7w8
ImpHash -
C:\Users\5AlR3U30D3\AppData\Local\Temp\4gj5bbza\4gj5bbza.out Dropped File Text
Clean
MIME Type text/plain
File Size 481 Bytes
MD5 5578f1cdc90f1b0228ec78d05a5b76e4
SHA1 b5fd398151e0560296ed76a6b2fc632681be7bf7
SHA256 b87ac6707a9ac9c6d204d825b377f79760085169e2581b0bcc046e00347e7494
SSDeep 6:KOPyj23fcMLW69VwRhMuAu+H2LvkuqJDdqxLTKbDdqB/6K2Pyj23fQSt0zxs7+AR:Kw9qR37Lvkmb6KYWWZERze
ImpHash -
C:\Users\5AlR3U30D3\AppData\Local\Temp\x0apuumx\x0apuumx.out Dropped File Text
Clean
MIME Type text/plain
File Size 470 Bytes
MD5 a9f6d3416fe3ee89909571f6b139ceba
SHA1 fdc29ea5c687b4ba12ded1ef09f5298eb5a6745a
SHA256 1a661da4c2cac7aafbcd8359376b9569bbaabbe1178a260e2d802fcc3a6e4f57
SSDeep 6:KOPyxi/LW69VwRhMuAu+H2LvkuqJDdqxLTKbDdqB/6K2Pyj23ftf5FLGzxs7+AEG:KHi/qR37Lvkmb6KYFzGWZERFzhU
ImpHash -
C:\Users\5AlR3U30D3\AppData\Local\Temp\hyrv1kt1\hyrv1kt1.out Dropped File Text
Clean
MIME Type text/plain
File Size 470 Bytes
MD5 9fb573b0969de65ebc5f90bc7d8ad24c
SHA1 66d9b2b3a77cfc1282ec791163931d35de539925
SHA256 0895136c239dd60f2d95539dcfc69c18fb312a92abd3b724f4a9fea3b96294bf
SSDeep 6:KOPyxi/LW69VwRhMuAu+H2LvkuqJDdqxLTKbDdqB/6K2Pyj23fb0zxs7+AEszIPk:KHi/qR37Lvkmb6KYD0WZERo
ImpHash -
C:\Users\5AlR3U30D3\AppData\Local\Temp\x0apuumx\x0apuumx.cmdline Dropped File Text
Clean
MIME Type text/plain
File Size 379 Bytes
MD5 07ce66fd7e863ecc4f88a9cff87694f0
SHA1 c9301204af2ccc34e82548a79267769a8e0d19f3
SHA256 76a22fe6fc116ca6e16307d51a691145a47bebde275c1bb2c531ef213076e00b
SSDeep 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2Pyj23ftf5FLGzxs7+AEszIPyj23ftf5FLhx:p37Lvkmb6KYFzGWZERFzhx
ImpHash -
C:\Users\5AlR3U30D3\AppData\Local\Temp\hyrv1kt1\hyrv1kt1.cmdline Dropped File Text
Clean
MIME Type text/plain
File Size 379 Bytes
MD5 5b94de172047c0c1162bdf9969db97b0
SHA1 ecf9ef9753538baf83ba750e7edaeeda129b950c
SHA256 d1077ca7fc2046979ca7ba5f5d7bf8e558cc1ed4805db416cfa01685043f399f
SSDeep 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2Pyj23fb0zxs7+AEszIPyj23f1:p37Lvkmb6KYD0WZERN
ImpHash -
C:\Users\5AlR3U30D3\AppData\Local\Temp\4gj5bbza\4gj5bbza.cmdline Dropped File Text
Clean
MIME Type text/plain
File Size 379 Bytes
MD5 4dc77cb73a9f4ce7caba51a777f4ae9d
SHA1 2389bb828b8a34594767649ab8ba0545824e3a1b
SHA256 b90fa9916c9cee97d49f4fb34240cd834f3523e796d4c79861c442134adf9c2c
SSDeep 6:pAu+H2LvkuqJDdqxLTKbDdqB/6K2Pyj23fQSt0zxs7+AEszIPyj23fQSdBH:p37Lvkmb6KYWWZERzH
ImpHash -
C:\Users\5AlR3U30D3\AppData\Local\Temp\hyrv1kt1\hyrv1kt1.0.cs Dropped File Text
Clean
MIME Type text/plain
File Size 321 Bytes
MD5 249ab1409c1ad0e025a82d513e4f7f12
SHA1 f38f701e2e6be38739f36d04586f90f39babf2ad
SHA256 9babf0e0294d1743f12c4fb3ddac50ca25c75accd223c4f1716d916f659c538c
SSDeep 6:V/DAeoA8oseLGCRMTKw8x5PTn/xPs1SMqNDKKAyRMT3wuF8KR1C+nIMgJ:V/DFoewCxdnp4SrpAywAuF8KRQ+n+J
ImpHash -
C:\Windows\System32\kdotLffirs.bat Dropped File Text
Clean
Also Known As C:\Windows\System32\kdotqxeWQd.bat (Accessed File)
C:\Windows\System32\kdotsmFuj.bat (Accessed File)
C:\Windows\System32\kdotzASik.bat (Accessed File)
C:\Windows\system32\kdotLffirs.bat (Accessed File)
C:\Windows\system32\kdotqxeWQd.bat (Accessed File)
C:\Windows\system32\kdotsmFuj.bat (Accessed File)
C:\Windows\system32\kdotzASik.bat (Accessed File)
kdotLffirs.bat (Accessed File)
kdotqxeWQd.bat (Accessed File)
kdotsmFuj.bat (Accessed File)
kdotzASik.bat (Accessed File)
MIME Type text/x-msdos-batch
File Size 168 Bytes
MD5 7385c49250616b2ced147c73a2a4f4df
SHA1 b61ab8eaffbcfae22f137937e4b2dadb9ae45784
SHA256 338d9404b2762987e4b9279b443f39169448bb173cdb594667f719a9bf332cf7
SSDeep 3:mKDDgvJxwuMWxJyfJAUXB0KFFSvQX4AThQoV1REJOMWW8I/i3IFPbAxg98VEyn:hO/wu9PyxAUqKFgvt2hQI1iAMLg34jAZ
ImpHash -
C:\Users\5AlR3U30D3\AppData\Roaming\Kematian\DE-(MYB7ZA2AF)-(2024-06-28)-(UTC1)\productkey.txt Dropped File Text
Clean
Also Known As DE-(MYB7ZA2AF)-(2024-06-28)-(UTC1)\productkey.txt (Archive File, Miscellaneous File)
Parent File C:\Users\5AlR3U30D3\AppData\Local\Temp\0090F567-A6D3-0000-0000-000000000000_DE_MYB7ZA2AF_2024-06-28_UTC1.zip
MIME Type text/plain
File Size 46 Bytes
MD5 b1c224ba1ec3bca1cad4417244d1db33
SHA1 c9eb2fee1827029e7a86539b713102253068c541
SHA256 0a617e886b9fa9aa5cda87f74982b9d684777e6ad506833e00086bc5a0e17088
SSDeep 3:QrQPXl+B5lRNuHbl49:QkPAfZc49
ImpHash -
C:\Users\5AlR3U30D3\AppData\Local\Temp\4gj5bbza\4gj5bbza.dll Dropped File Empty
Clean
Also Known As C:\Users\5AlR3U30D3\AppData\Local\Temp\4gj5bbza\4gj5bbza.err (Dropped File, Accessed File)
C:\Users\5AlR3U30D3\AppData\Local\Temp\4gj5bbza\4gj5bbza.tmp (Dropped File, Accessed File)
C:\Users\5AlR3U30D3\AppData\Local\Temp\hyrv1kt1\hyrv1kt1.dll (Dropped File, Accessed File)
C:\Users\5AlR3U30D3\AppData\Local\Temp\hyrv1kt1\hyrv1kt1.err (Dropped File, Accessed File)
C:\Users\5AlR3U30D3\AppData\Local\Temp\hyrv1kt1\hyrv1kt1.tmp (Dropped File, Accessed File)
C:\Users\5AlR3U30D3\AppData\Local\Temp\utblrtvk\utblrtvk.dll (Dropped File, Accessed File)
C:\Users\5AlR3U30D3\AppData\Local\Temp\utblrtvk\utblrtvk.err (Dropped File, Accessed File)
C:\Users\5AlR3U30D3\AppData\Local\Temp\utblrtvk\utblrtvk.tmp (Dropped File, Accessed File)
C:\Users\5AlR3U30D3\AppData\Local\Temp\x0apuumx\x0apuumx.dll (Dropped File, Accessed File)
C:\Users\5AlR3U30D3\AppData\Local\Temp\x0apuumx\x0apuumx.err (Dropped File, Accessed File)
C:\Users\5AlR3U30D3\AppData\Local\Temp\x0apuumx\x0apuumx.tmp (Dropped File, Accessed File)
MIME Type application/x-empty
File Size 0 Bytes (not extracted)
MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SSDeep 3::
ImpHash -
b94954783a3a0c42d37cd001fce737c66790f69d3566ab7aa3fcbca8e1bb5536 Downloaded File Text
Clean
MIME Type text/plain
File Size 6.30 KB
MD5 75846ce1e77e07545629a87ac9bc4a2b
SHA1 d27af6c792327bf5832148c6797cd88dac333baa
SHA256 b94954783a3a0c42d37cd001fce737c66790f69d3566ab7aa3fcbca8e1bb5536
SSDeep 96:iPL4W84Ji4AnzvN0OpVDUNKMiNjHJ4OY492VXyNbEqbIQH9idwO3Kglh:isqHeVRV4oMiNjHJu/VCNIgH9MwO3Kyh
ImpHash -
bd0840287010fac9d8b291636721cae400e5403980f65c57a23d3d1470472e7e Downloaded File Text
Clean
MIME Type text/plain
File Size 1.17 KB
MD5 434a0a967c9cc06532469d344323a094
SHA1 85ffef0e616a43d958d1de7e213735f23672e3e3
SHA256 bd0840287010fac9d8b291636721cae400e5403980f65c57a23d3d1470472e7e
SSDeep 24:nq4FPRZTpNHlqRiuVyJmDtWRzNKmWirOS+I1Yb0lAd+Lq:nq4FPrTTHlluVyJKWRNWirmI00lq8q
ImpHash -
fd95c6be1e1e2d1788f6484bf2e0e9b35a949922273818482815c585afcf4826 Downloaded File Unknown
Clean
MIME Type application/json
File Size 287 Bytes
MD5 71fc8414345bcaaf4e5911c044121f64
SHA1 9d4cfcf30a75e7acbb9dce8ec4f219457865fccf
SHA256 fd95c6be1e1e2d1788f6484bf2e0e9b35a949922273818482815c585afcf4826
SSDeep 6:YWybuOAX/uMpIIeNX40JWtXQVCikZLZRD7FkIFHH/aD5:YWybuvvX240JWtXAXkZ9RDRb5fu
ImpHash -
73b2715ef864a02d104ccb28016b3dcbcaa950607d4abf25cbfbd58e873d671c Downloaded File Text
Clean
MIME Type text/plain
File Size 277 Bytes
MD5 cbdaccf333d142e78e3da9f104b3e2c2
SHA1 9dea5182b40b72ea5991fabf8907eed5727e3988
SHA256 73b2715ef864a02d104ccb28016b3dcbcaa950607d4abf25cbfbd58e873d671c
SSDeep 6:yDaSjvPVesLXj7L+LRB2U4DFNYhLhhaYD41cK2fvFiwj:caS74Q3aRB2U4DF6hthaeocJvtj
ImpHash -
98e732545c4fa316895d0bcab7aad08d5a48ac42eaf76c7e9fee1de0ff7a66bb Downloaded File Text
Clean
MIME Type text/plain
File Size 276 Bytes
MD5 d40aeb01111340b877d6272680015f73
SHA1 b395561bc9290ccb6a05cf4ef9cdc349e95c00af
SHA256 98e732545c4fa316895d0bcab7aad08d5a48ac42eaf76c7e9fee1de0ff7a66bb
SSDeep 6:yDaSjvPVeqa7L+LRB2U4DFNYhLhhaYD41cK2fvFiwj:caS74qa3aRB2U4DF6hthaeocJvtj
ImpHash -
2ed27c1421e6928dbe13dbfdb5c59e1045b30341fe7ebe05700006bc5ac572c0 Downloaded File Text
Clean
MIME Type text/plain
File Size 6 Bytes
MD5 d42f2da1df5ecdf29be4ac27edda0c12
SHA1 b73d74fcede92cdd78ec92c2c5899671d1b32044
SHA256 2ed27c1421e6928dbe13dbfdb5c59e1045b30341fe7ebe05700006bc5ac572c0
SSDeep 3:ovn:ovn
ImpHash -